Mr. Chair, Mr. Clerk, and honourable committee members, thank you for the opportunity to testify before you regarding Canada's national security framework.
Following a set of national consultations regarding the Anti-terrorism Act, formerly Bill C-51, the Liberal government drafted Bill C-59, An Act respecting national security matters to replace the Anti-terrorism Act.
I have reviewed the bill and will comment on it through a human rights lens. Securing the safety of its populace is a fundamental function of government. It is without question that government and its agencies must be equipped with the means necessary to prevent, counter, and address evolving threats in the digital age. In that same vein, a balance must be struck between securing public safety and respecting rights, ensuring any limitations placed on rights are necessary, proportionate, and reasonable.
As a human rights professor, I am pleased to see language recognizing the need to maintain respect for the Canadian Charter of Rights and Freedoms, the rule of law, accountability, and transparency within Bill C-59. The establishment of a national security and intelligence review agency with a mandate to review national security activities, consider complaints, and advance investigations is arguably the most significant advancement.
The bill also establishes an intelligence commissioner to review the reasonableness of Canadian Security Intelligence Service and Canadian Security Establishment authorizations regarding, inter alia, intelligence gathering and cybersecurity. Though Bill C-59 has addressed some shortcomings found in the Anti-terrorism Act of 2015, concerns remain regarding its impact on human rights, particularly the rights to privacy, freedom of assembly and association, freedom of expression, liberty and security, democratic rights, due process rights, and anti-discrimination protections.
Due to time constraints, this testimony focuses on concerns with amendments to the Canadian Security Intelligence Service Act regarding the collection, querying, exploitation, and retention of datasets. The act defines a “dataset” as the collection of information stored as an electronic record and characterized by common subject matter. A dataset could thus encompass any thematic electronic documentation, provided it is a publicly available dataset, relates primarily to non-Canadians living outside of Canada, or constitutes an approved class.
Though it is reassuring that a newly established intelligence commissioner would review classes of datasets to safeguard against abuse, the remainder of section 11.05(2) is read with caution. Use of the term “publicly available dataset” is misleading, as it can include information that is considered private under the Privacy Act, but is available in the public arena, potentially without the consent or knowledge of the person concerned. In other words, publicly available data can extend to private information made public on request, by subscription or by purchase. Rather than exploit this vulnerability by legitimizing and encouraging the commodification and exploitation of the public's data, the Government of Canada has a positive obligation to protect its populace against infringements by third parties that may compromise individual privacy in exchange for profit.
Granting government authority to collect publicly available data appears innocuous, but can reveal highly personal information in violation of the right to privacy. I also caution Canadians against blindly accepting mass government surveillance of foreigners. Though targeted surveillance may be necessary to thwart legitimate threats to peace and security, mass surveillance opens the door for foreign nations not accountable to Canadian voters to collect information about Canadians and share it with our governments, other nations, or corporations.
Under these circumstances, the Government of Canada could also place foreigners in danger by revealing compromising information to governments with poor human rights records. Differential respect for the privacy of Canadians versus non-Canadians outside the country also constitutes a violation of non-discrimination under the international covenant on civil and political rights.
The United Nations special rapporteur on the right to privacy has maintained that the distinction between one's own citizens and foreigners is not in compliance with the principles of the universal right to privacy.
Failing to properly restrain invasions of privacy could prompt charter violations of section 8 protecting against reasonable search or seizure or the promotion of presumption of innocence under section 11(d). In order to satisfy that such limitations are “demonstrably justifiable in a free and democratic society”, the onus is on the Government of Canada to prove these limitations are of sufficient importance, rationally connected to the objective, minimally impair rights, and produce an outcome that outweighs the gravity of the problem it seeks to address.
Though protecting public safety and national security is of sufficient importance to warrant a well-defined, targeted invasion of privacy, the mass collection of data that could lead to results that are relevant to the performance of CSIS's duties and functions is not sufficiently important to encroach on constitutionally protected rights.
Similarly, blanket collection of datasets merely “relevant” to the duties and functions of the service fails to demonstrate a direct rational connection to protecting public safety. If there is no direct connection to maintaining public safety and national security, why does the Government of Canada consider these proposed powers to be a necessary component of the national security framework?
The United Nations special rapporteur on the promotion and protection of human rights while countering terrorism has warned that “restrictions falling short of being necessary...constitute 'arbitrary' interference” with the right to privacy. The special rapporteur further stressed that, “for a restriction to be permissible, it is not enough that it serves one of the enumerated legislative aims; it must also be necessary for reaching the legislative aim.” Given that the aim of Bill C-59 is to protect national security, the blanket collection of any data relevant to the work of CSIS does not satisfy this test.
Information respecting the protection of public safety and national security in Canada should be narrowly defined and collected only “to the extent that is strictly necessary” and when there are reasonable grounds to suspect a threat to the security of Canada. If we allow the bulk collection and storage of personal data without a person's knowledge, consent, or ability to challenge the nature and authenticity of information collected, the next step could be to misuse, alter, deliberately conceal, or manipulate information.
Indeed, the Canadian Security Intelligence Agency Act allows a CSIS director to authorize designated employees to commit direct “acts or omissions that would otherwise constitute offences” in carrying out their duties and responsibilities. Theoretically, the minister could authorize the collection of datasets intended to assist CSIS employees with carrying out otherwise criminal activity. Are these powers consistent with the preamble of Bill C-59, which claims to respect the Canadian Charter of Rights and Freedoms, the rule of law, as well as accountability and transparency, while championing national security?
Amendments to the act do advance safeguards, but the nature of these safeguards raises concerns. The bill includes provisions calling for this service to delete information and datasets regarding the physical or mental health of an individual, information subject to solicitor-client privilege, and material in foreign datasets regarding Canadian citizens. This suggests some datasets will encapsulate information that should be accorded the highest degree of privacy.
The question is, why would the minister and intelligence commissioner approve a dataset that could potentially reveal this type of information about someone who has done nothing wrong? Further, the amendments should expressly state that accidental collection of such data will result in its total destruction, which clarifies the desired outcome more precisely than using the term “delete”.
The Supreme Court of Canada has emphasized that “the protection of privacy is a prerequisite to individual security, self-fulfilment and autonomy as well as the maintenance of a thriving democratic society.” Though not constitutionally protected itself, the right to privacy is essential for the maximum expression of most rights found under the charter, including freedom of expression; freedom of peaceful assembly; freedom of association; the right to vote; the right to life, liberty, and security; fair trial rights, including prevention of unreasonable search and seizure, protecting the presumption of innocence, and maintaining solicitor-client privilege as part of satisfying the right to a fair trial, particularly, the provision against self-incrimination.
Acknowledging the impact on constitutionally protected rights, any limitation of privacy rights should be justified under section 1 of the charter by applying the Oakes test. If the courts identify—